Graudit uses extended regular expressions (POSIX) as it’s signatures and comes with several databases ready for use. You can extend the existing databases or make your own if you require additional signatures.

Default is aimed at finding low hanging fruit. It contains generic rules that should match common vulnerabilities in several languages. However, in order to find additional vulnerabilities for a specific language, you should use the language specific databases.